私有云搭建 OpenStack(centos7.3, centos-release-openstack-ocata)
OpenStack(centos7.3,centos-release-openstack-ocata)
?
nova:計(jì)算節(jié)點(diǎn)
???????? queue:消息隊(duì)列,系統(tǒng)瓶頸所在
???????? scheduler:調(diào)度機(jī)制
???????? conductor:更新數(shù)據(jù)庫
???????? cert(objectstore):證書
???????? console:連接端口
???????? consoleauth:連接端口認(rèn)證
?
glance:存儲(chǔ)映像文件和硬盤
???????? registry:調(diào)用數(shù)據(jù)庫的接口,檢索接口
???????? database:映像文件的存儲(chǔ)位置等
?????????????????? swift:分布式存儲(chǔ)
?
neutron:網(wǎng)絡(luò)服務(wù),負(fù)責(zé)接收對網(wǎng)絡(luò)的調(diào)用請求
???????? plugins:插件
???????? agents:網(wǎng)絡(luò)服務(wù)器
?
cinder:塊存儲(chǔ)
???????? api:接受請求并分配volume
???????? vloume:
???????? database
???????? scheduler:
?
swift:存儲(chǔ)對象節(jié)點(diǎn)
???????? account:賬號管理
???????? container:容量管理,管理阿布管理
???????? object:對象管理
?
?
環(huán)境準(zhǔn)備
控制節(jié)點(diǎn)
hostname:linux-node1.oldboyedu.com
ip地址:192.168.1.30
計(jì)算節(jié)點(diǎn):
hostname:linux-node2.oldboyedu.com
ip地址:192.168.1.31
?
?
先配置控制節(jié)點(diǎn)192.168.1.30
vi /etc/sysconfig/network-scripts/ifcfg-ens33
BOOTPROTO=static
DEVICE=ens33
NM_CONTROLLLER=yes
IPADDR=192.168.1.30
NETMASK=255.255.255.0
GATEWAY=192.168.1.1
重啟網(wǎng)卡使設(shè)置生效
nmcli connection down ens33
nmcli connection up ens33
?
修改主機(jī)名
需要修改兩處:一處是/etc/hostname,另一處是/etc/hosts
[root@localhost ~]# vi /etc/hostname
linux-node1
[root@localhost ~]# systemctlrestart NetworkManager
[root@localhost ~]# hostname
linux-node1
[root@localhost ~]# vi /etc/hosts
192.168.1.30?? linux-node1????? linux-node1.oldboyedu.com
192.168.1.31?? linux-node2????? linux-node2.oldboyedu.com
將上面兩個(gè)文件修改完后,并不能立刻生效。如果要立刻生效的話,可以用 hostname your-hostname 作臨時(shí)修改,它只是臨時(shí)地修改主機(jī)名,系統(tǒng)重啟后會(huì)恢復(fù)原樣的。
hostname linux-node1
?
?
?
安裝時(shí)間同步
yum install chrony
?
[root@localhost ~]# vi /etc/chrony.conf
allow 192.168.0.0/16
?
設(shè)置開機(jī)自啟動(dòng)
[root@localhost ~]# systemctlenable chronyd.service
?
啟動(dòng)chronyd
[root@localhost ~]# systemctl start chronyd.service
?
[root@localhost ~]# timedatectl set-timezone Asia/Shanghai
[root@localhost ~]# date
Thu Nov? 2 16:23:07 CST 2017
?
關(guān)閉 selinux(centos7.3需要改2個(gè)地方/etc/sysconfig/selinux和/etc/selinux/config)
sed -i's#SELINUX=enforcing#SELINUX=disabled#g' /etc/sysconfig/selinux
sed -i 's#SELINUX=enforcing#SELINUX=disabled#g' /etc/selinux/config
setenforce 0
?
關(guān)閉 iptables
systemctlstop firewalld.service
systemctldisable firewalld.service
?
[root@localhost ~]# cat /etc/redhat-release
CentOS Linux release 7.3.1611 (Core)
?
升級本地軟件:
[root@localhost ~]# yum update-y
?
?
[root@localhost ~]#yum installcentos-release-openstack-liberty -y
Loaded plugins: fastestmirror
epel/x86_64/metalink???????????????????????????????????? | 6.1kB???? 00:00????
epel????????????????????????????????????????????????????| 4.3 kB???? 00:00????
(1/3): epel/x86_64/group_gz??????????????????????????????? | 261 kB?? 00:00????
(2/3): epel/x86_64/updateinfo????????????????????????????? | 842 kB?? 00:01????
(3/3): epel/x86_64/primary_db????????????????????????????? | 6.1 MB?? 00:04????
Loading mirror speeds from cached hostfile
?* base: mirrors.163.com
?* epel: mirrors.ustc.edu.cn
?* extras: mirrors.cn99.com
?* updates: mirrors.163.com
No package centos-release-openstack-liberty available.
Error: Nothing to do
?
解決:選擇安裝Ocata的yum源(我的噩夢開始了。。。。。。。。。。。。。)
[root@localhost ~]#yum install centos-release-openstack-ocata -y
?
再升級一遍,以防萬一,防止軟件版本過低。
[root@localhost ~]#yumupgrade -y
?
驗(yàn)證yum源是否可用:
[root@localhost ~]#yum repolist
?
[root@localhost~]#yum install python-openstackclient -y
?
MySQL
[root@localhost yum.repos.d]# yum install mariadb mariadb-server MySQL-python-y [root@localhostyum.repos.d]# cp /usr/share/mysql/my-medium.cnf /etc/my.cnf
[root@localhostyum.repos.d]# vi /etc/my.cnf
[mysqld]
default-storage-engine= innodb
innodb_file_per_table
collation-server =utf8_general_ci
init-connect = 'SETNAMES utf8'
character-set-server = utf8
[root@localhostyum.repos.d]# systemctl enable mariadb.service
Created symlink from /etc/systemd/system/multi-user.target.wants/mariadb.serviceto /usr/lib/systemd/system/mariadb.service.
[root@localhostyum.repos.d]#systemctlstart mariadb.service
[root@localhostyum.repos.d]# mysql_secure_installation? (一路 y 回車) (設(shè)置mysql的密碼123456)
[root@localhostyum.repos.d]# mysql -uroot -p123456
CREATE DATABASE keystone;
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost'IDENTIFIED BY 'keystone';
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY'keystone';
CREATE DATABASE glance;
GRANT ALL PRIVILEGES ONglance.* TO 'glance'@'localhost' IDENTIFIED BY 'glance';
GRANT ALL PRIVILEGES ONglance.* TO 'glance'@'%' IDENTIFIED BY 'glance';
CREATE DATABASE nova;
GRANT ALL PRIVILEGES ONnova.* TO 'nova'@'localhost' IDENTIFIED BY 'nova';
GRANT ALL PRIVILEGES ONnova.* TO 'nova'@'%' IDENTIFIED BY 'nova';
CREATE DATABASE neutron;
GRANT ALL PRIVILEGES ONneutron.* TO 'neutron'@'localhost' IDENTIFIED BY 'neutron';
GRANT ALL PRIVILEGES ONneutron.* TO 'neutron'@'%' IDENTIFIED BY 'neutron';
CREATE DATABASE cinder;
GRANT ALL PRIVILEGES ONcinder.* TO 'cinder'@'localhost' IDENTIFIED BY 'cinder';
GRANT ALL PRIVILEGES ONcinder.* TO 'cinder'@'%' IDENTIFIED BY 'cinder';
?
?
安裝RabbitMQ
[root@localhost ~]# yum install rabbitmq-server -y
Error: Package:erlang-erts-18.3.4.4-2.el7.x86_64 (centos-openstack-liberty)
?????????? Requires: lksctp-tools
解決:
[root@localhost ~]# rpm -ivhlksctp-tools-1.0.17-2.el7.x86_64.rpm
[root@localhost ~]# yuminstall rabbitmq-server -y
[root@localhost~]# systemctl enable rabbitmq-server.service???
Created symlink from/etc/systemd/system/multi-user.target.wants/rabbitmq-server.service to/usr/lib/systemd/system/rabbitmq-server.service.
[root@localhost ~]# systemctl start rabbitmq-server.service
?
[root@localhost ~]# netstat-ntlp
5672是rabbitmq端口號
?
新建Rabbitmq用戶并授權(quán)
[root@localhost ~]#? rabbitmqctl add_user openstack openstack
Creating user"openstack" ...
[root@localhost ~]#rabbitmqctl set_permissions openstack".*" ".*" ".*"
Setting permissions for user"openstack" in vhost "/" ...
?
啟用Rabbitmq的web管理插件
[root@localhost ~]#rabbitmq-plugins list
[root@localhost ~]# rabbitmq-pluginsenable rabbitmq_management
The following plugins havebeen enabled:
? mochiweb
? webmachine
? rabbitmq_web_dispatch
? amqp_client
? rabbitmq_management_agent
? rabbitmq_management
Applying pluginconfiguration to rabbit@localhost... started 6 plugins.
?
重啟Rabbitmq
[root@localhost ~]# systemctlrestart rabbitmq-server.service
?
查看Rabbit的端口,其中5672是服務(wù)端口,15672是web管理端口,25672是做集群的端口
[root@localhost ~]# netstat -lntup |grep 5672
tcp??????? 0?????0 0.0.0.0:15672??????????0.0.0.0:*?????????????? LISTEN????? 6984/beam??????????
tcp??????? 0?????0 0.0.0.0:25672??????????0.0.0.0:*?????????????? LISTEN????? 6984/beam??????????
tcp6?????? 0?????0 :::5672????????????????:::*???????????????????LISTEN????? 6984/beam??
?
?
登陸http://192.168.1.30:15672?(用戶名:guest密碼:guest)
http://192.168.1.30:15672/#/users
點(diǎn)openstack
點(diǎn)update this user
密碼中輸入:openstack,Tags: administrator
再登陸http://192.168.1.30:15672(用戶名:openstack密碼:openstack)
現(xiàn)在已經(jīng)有了2個(gè)用戶可以登陸
?
若想要監(jiān)控Rabbit,即可使用下圖中的API
?
?
?
Keystone
yum install openstack-keystonehttpd mod_wsgi memcached python-memcached -y
?
修改keystone的配置文件
vi /etc/keystone/keystone.conf
[DEFAULT]
admin_token= 7fff823bda267b2db6cc?? (通過openssl rand -hex 10產(chǎn)生的隨機(jī)數(shù))(用作無用戶時(shí),創(chuàng)建用戶來鏈接,此內(nèi)容使用openssl隨機(jī)產(chǎn)生)
[database]
#Deprecated group/name - [sql]/connection
#connection = <None>
connection =mysql://keystone:keystone@192.168.1.30/keystone
(用作鏈接數(shù)據(jù)庫,三個(gè)keysthone分別為keystone組件,keystone用戶名,mysql中的keysthone庫名)
[memcache]
servers = 192.168.1.30:11211
[token]
provider = uuid
driver = memcache
[revoke]
driver = sql
# DEPRECATED: If set tofalse, the logging level will be set to WARNING instead
# of the default INFO level. (boolean value)
# This option is deprecatedfor removal.
# Its value may be silentlyignored in the future.
verbose = true
?
[root@linux-node2 keystone]#grep? '^[a-z]'/etc/keystone/keystone.conf
admin_token =7fff823bda267b2db6cc
verbose= true
connection =mysql://keystone:keystone@192.168.1.30/keystone
servers = 192.168.1.30:11211
driver = sql
provider = uuid
driver = memcache
?
?
切換到keystone用戶,導(dǎo)入keystoe數(shù)據(jù)庫
[root@localhost ~]#su -s /bin/sh -c "keystone-manage db_sync" keystone(因?yàn)?/span>keystone程序啟動(dòng)時(shí)需要以keystone用戶寫入到該keystone.log文件,如果用root執(zhí)行,這里keystone程序就不能以keystone用戶權(quán)限寫入到該log文件,以至于程序無法啟動(dòng)。)
?
?
[root@localhost ~]#cd /var/log/keystone/
[root@localhost keystone]# ll
total 8
-rw-r--r--. 1 keystonekeystone 6754 Nov? 3 08:26 keystone.log
?
[root@localhost keystone]# mysql-h 192.168.1.30 -u keystone -pkeystone
MariaDB [(none)]> use keystone;
Database changed
MariaDB [keystone]> showtables;
+------------------------+
| Tables_in_keystone???? |
+------------------------+
| access_token?????????? |
| assignment???????????? |
| config_register??????? |
| consumer?????????????? |
| credential???????????? |
| endpoint?????????????? |
| endpoint_group???????? |
| federated_user???????? |
| federation_protocol??? |
| group????????????????? |
| id_mapping???????????? |
| identity_provider????? |
| idp_remote_ids???????? |
| implied_role?????????? |
| local_user???????????? |
| mapping??????????????? |
| migrate_version??????? |
| nonlocal_user????????? |
| password?????????????? |
| policy???????????????? |
| policy_association???? |
| project??????????????? |
| project_endpoint?????? |
| project_endpoint_group |
| region???????????????? |
| request_token????????? |
| revocation_event?????? |
| role?????????????????? |
| sensitive_config?????? |
| service??????????????? |
| service_provider?????? |
| token????????????????? |
| trust????????????????? |
| trust_role???????????? |
| user???????? ??????????|
| user_group_membership? |
| user_option??????????? |
| whitelisted_config???? |
+------------------------+
38 rows in set (0.00 sec)
?
?
如果數(shù)據(jù)庫出問題,可以重置
刪除數(shù)據(jù)庫(這里刪除會(huì)和表一起全部刪除)
mysql -h 192.168.1.30 -u keystone -pkeystone
MariaDB[(none)]>dropdatabase keystone;
然后創(chuàng)建數(shù)據(jù)庫(這里只是創(chuàng)建一個(gè)數(shù)據(jù)名字,并沒有實(shí)際的表)
MariaDB[(none)]>createdatabase keystone;
MariaDB[(none)]> quit;
?
同步keystone;
root@controller1:~#keystone-managedb_sync;
重置完畢
如果數(shù)據(jù)庫同步后沒數(shù)據(jù),執(zhí)行以下
[root@localhostyum.repos.d]# mysql-uroot-p123456
CREATE DATABASEkeystone;
GRANT ALLPRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'keystone';
GRANT ALL PRIVILEGES ON keystone.* TO'keystone'@'%' IDENTIFIED BY 'keystone';
?
?
添加一個(gè)apache的wsgi-keystone配置文件,其中5000端口是提供該服務(wù)的,35357是為admin提供管理用的
vi /etc/httpd/conf.d/wsgi-keystone.conf
Listen5000
Listen 35357
<VirtualHost *:5000>
??? WSGIDaemonProcess keystone-publicprocesses=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
??? WSGIProcessGroup keystone-public
??? WSGIScriptAlias / /usr/bin/keystone-wsgi-public
??? WSGIApplicationGroup %{GLOBAL}
??? WSGIPassAuthorization On
??? <IfVersion >= 2.4>
????? ErrorLogFormat "%{cu}t %M"
??? </IfVersion>
??? ErrorLog /var/log/httpd/keystone-error.log
??? CustomLog /var/log/httpd/keystone-access.logcombined
??? <Directory /usr/bin>
??????? <IfVersion >= 2.4>
??????????? Require all granted
??????? </IfVersion>
??????? <IfVersion < 2.4>
??????????? Order allow,deny
??????????? Allow from all
??????? </IfVersion>
??? </Directory>
</VirtualHost>
<VirtualHost *:35357>
??? WSGIDaemonProcess keystone-adminprocesses=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
??? WSGIProcessGroup keystone-admin
??? WSGIScriptAlias //usr/bin/keystone-wsgi-admin
??? WSGIApplicationGroup %{GLOBAL}
?? ?WSGIPassAuthorization On
??? <IfVersion >= 2.4>
????? ErrorLogFormat "%{cu}t %M"
??? </IfVersion>
??? ErrorLog /var/log/httpd/keystone-error.log
??? CustomLog /var/log/httpd/keystone-access.logcombined
??? <Directory /usr/bin>
??????? <IfVersion >= 2.4>
??????????? Require all granted
??????? </IfVersion>
??????? <IfVersion < 2.4>
??????????? Order allow,deny
??????????? Allow from all
??????? </IfVersion>
??? </Directory>
</VirtualHost>
?
配置apache的servername,如果不配置servername,會(huì)影響keystone服務(wù)
vi /etc/httpd/conf/httpd.conf
#ServerName www.example.com:80
ServerName 192.168.1.30:80
?
啟動(dòng)memcached,httpd,keystone
[root@localhost etc]#systemctl enable memcached
Created symlink from/etc/systemd/system/multi-user.target.wants/memcached.service to/usr/lib/systemd/system/memcached.service.
[root@localhost etc]# systemctl enable httpd
Created symlink from/etc/systemd/system/multi-user.target.wants/httpd.service to/usr/lib/systemd/system/httpd.service.
[root@localhost etc]# systemctl start httpd
[root@localhost etc]#netstat-ntlp |grep http
tcp6?????? 0????? 0 :::80?????????????????? :::*??????????????????? LISTEN?????
42732/httpd????????
tcp6?????? 0????? 0 :::35357??????????????? :::*??????????????????? LISTEN?????
42732/httpd????????
tcp6?????? 0????? 0 :::5000???????????????? :::*??????????????????? LISTEN?????
42732/httpd?
keystone監(jiān)聽的兩個(gè)端口35357和5000。?? 35357用于管理,5000用于普通用戶。
?
[root@localhost etc]#systemctlstart memcached
?
創(chuàng)建用戶并連接keystone,在這里可以使用兩種方式,通過keystone -help后家參數(shù)的方式,或者使用環(huán)境變量env的方式,下面就將使用環(huán)境變量的方式,分別設(shè)置了token,API及控制版本(SOA種很適用)
[root@localhost etc]# export OS_TOKEN=7fff823bda267b2db6cc
[root@localhost etc]# export OS_URL=http://192.168.1.30:35357/v3
[root@localhost etc]# exportOS_IDENTITY_API_VERSION=3
?
創(chuàng)建域‘default’:
提示:--description是域的描述,最后一個(gè)default是域的名稱
[root@linux-node1~]#openstackdomain create default
+-------------+----------------------------------+
| Field?????? | Value??????????????????????????? |
+-------------+----------------------------------+
| description |????????????????????????????????? |
| enabled???? | True???????????????????????????? |
| id????????? | 660bc70fb8f046ba8c565b08a5f2dd6c |
| name??????? | default????????????????????????? |
+-------------+----------------------------------+
?
創(chuàng)建admin項(xiàng)目(project)
命令格式:openstack project --domain 域 --description"描述" 項(xiàng)目名
作用:管理所有的云主機(jī)
[root@linux-node1 ~]# openstack projectcreate --domain default --description "Admin Project"admin
+-------------+----------------------------------+
| Field?????? | Value??????????????????????????? |
+-------------+----------------------------------+
| description | AdminProject??????????????????? |
| domain_id?? | 660bc70fb8f046ba8c565b08a5f2dd6c |
| enabled???? | True???????????????????????????? |
| id????????? | bc6145f01fb849fcb9ea6a7ba1d84ffe |
| is_domain?? | False??????????????????????????? |
| name??????? | admin??????????????????????????? |
| parent_id?? | 660bc70fb8f046ba8c565b08a5f2dd6c |
+-------------+----------------------------------+
?
創(chuàng)建admin用戶(user)并設(shè)置密碼(生產(chǎn)環(huán)境一定設(shè)置一個(gè)復(fù)雜的)
[root@linux-node1 ~]#openstack user create --domain default--password-prompt admin
User Password:
Repeat User Password:
+---------------------+----------------------------------+
| Field?????????????? | Value??????????????????????????? |
+---------------------+----------------------------------+
| domain_id?????????? | 660bc70fb8f046ba8c565b08a5f2dd6c |
| enabled???????????? | True???????????????????????????? |
| id????????????????? |009d9c1b575c48a598d1700ea42f2870 |
| name??????????????? | admin??????????????????????????? |
| options???????????? | {}?????????????????????????????? |
| password_expires_at |None???????????????????????????? |
+---------------------+----------------------------------+
或者直接創(chuàng)建密碼
[root@localhost ~]# openstackuser create --domain default --password=admin admin
+---------------------+----------------------------------+
| Field?????????????? | Value??????????????????????????? |
+---------------------+----------------------------------+
| domain_id?????????? | 81f258d962ee49ef8814cc6054ce65c0|
| enabled?????? ??????| True???????????????????????????? |
| id????????????????? |89d4ab9674c044928e8ded6ab98b1ebc |
| name??????????????? | admin??????????????????????????? |
| options???????????? | {}?????????????????????????????? |
| password_expires_at |None??????? ?????????????????????|
+---------------------+----------------------------------+
?
創(chuàng)建admin的角色(role)
[root@linux-node1 ~]#openstack role create admin
+-----------+----------------------------------+
| Field???? | Value??????????????????????????? |
+-----------+----------------------------------+
| domain_id | None???????????????????????????? |
| id??????? |be3fa42e824f44758201f249fbd9299d |
| name????? | admin??????????????????????????? |
+-----------+----------------------------------+
?
把admin用戶加到admin項(xiàng)目,賦予admin角色,把角色,項(xiàng)目,用戶關(guān)聯(lián)起來
[root@localhost keystone]#openstack role add --project admin --user admin admin
?
創(chuàng)建一個(gè)普通用戶demo,demo項(xiàng)目,角色為普通用戶(uesr),并把它們關(guān)聯(lián)起來
在Openstack中一般的任務(wù)我們都應(yīng)該使用一個(gè)沒有太多權(quán)限的user來操作。在這里我們創(chuàng)建一個(gè)demouser。
[root@linux-node1 ~]#openstack project create --domain default--description "Demo Project" demo
+-------------+----------------------------------+
| Field?????? | Value??????????????????????????? |
+-------------+----------------------------------+
| description | DemoProject??????????????? ?????|
| domain_id?? | 660bc70fb8f046ba8c565b08a5f2dd6c |
| enabled???? | True???????????????????????????? |
| id????????? | b0bfa350ea0a4af4934a64f646691eed |
| is_domain?? | False??????????????????????????? |
| name??????? | demo???????????????????????? ????|
| parent_id?? | 660bc70fb8f046ba8c565b08a5f2dd6c |
+-------------+----------------------------------+
[root@linux-node1 ~]#openstack user create --domain default --password=demo demo
+---------------------+----------------------------------+
| Field?????????????? | Value??????????????????????????? |
+---------------------+----------------------------------+
| domain_id?????????? | 660bc70fb8f046ba8c565b08a5f2dd6c |
| enabled???????????? | True???????????????????????????? |
| id????????????????? | 4bd21e87bcfa4f7696d26d5e6bfa7592|
| name??????????????? | demo???????????????????????????? |
| options???????????? | {}?????????????????????????????? |
| password_expires_at |None???????????????????????????? |
+---------------------+----------------------------------+
?
[root@linux-node1 ~]# openstackrole create user
+-----------+----------------------------------+
| Field???? | Value??????????????????????????? |
+-----------+----------------------------------+
| domain_id | None???????????????????????????? |
| id??????? | 874f576d6a864b0589ffbd1150ee35d4 |
| name????? | user???????????????????????????? |
+-----------+----------------------------------+
[root@localhost ~]#openstackrole add --project demo --user demo user
?
創(chuàng)建一個(gè)service的項(xiàng)目,此服務(wù)用來管理nova,neuturn,glance等組件的服務(wù)
[root@linux-node1 ~]#openstackproject create --domain default --description "Service Project"service
+-------------+----------------------------------+
| Field?????? | Value??????????????????????????? |
+-------------+----------------------------------+
| description | ServiceProject????????????????? |
| domain_id?? | 660bc70fb8f046ba8c565b08a5f2dd6c |
| enabled???? | True???????????????????????????? |
| id????????? | 20019fb0d9864523b3015aac8da4a31c |
| is_domain?? | False??????????????????????????? |
| name??????? | service????????????????????????? |
| parent_id?? | 660bc70fb8f046ba8c565b08a5f2dd6c |
+-------------+----------------------------------+
?
查看創(chuàng)建的用戶,角色,項(xiàng)目
[root@linux-node1 ~]#openstackuser list
+----------------------------------+-------+
| ID?????????????????????????????? | Name? |
+----------------------------------+-------+
|009d9c1b575c48a598d1700ea42f2870 | admin |
|4bd21e87bcfa4f7696d26d5e6bfa7592 | demo?|
+----------------------------------+-------+
[root@linux-node1 ~]#? openstack projectlist
+----------------------------------+---------+
| ID?????????????????????????????? | Name??? |
+----------------------------------+---------+
|20019fb0d9864523b3015aac8da4a31c | service |
| b0bfa350ea0a4af4934a64f646691eed| demo??? |
|bc6145f01fb849fcb9ea6a7ba1d84ffe | admin??|
+----------------------------------+---------+
[root@linux-node1 ~]#openstack role list
+----------------------------------+-------+
| ID????????????????????????? ?????| Name?|
+----------------------------------+-------+
|874f576d6a864b0589ffbd1150ee35d4 | user?|
|be3fa42e824f44758201f249fbd9299d | admin |
+----------------------------------+-------+
?
注冊keystone服務(wù),雖然keystone本身是搞注冊的,但是自己也需要注冊服務(wù)
創(chuàng)建keystone認(rèn)證
[root@linux-node1 ~]# openstackservice create --name keystone --description "OpenStack Identity"identity
+-------------+----------------------------------+
| Field?????? | Value??????????????????????????? |
+-------------+----------------------------------+
| description | OpenStackIdentity?????????????? |
| enabled???? | True???????????????????????????? |
| id????????? | c7688c61f8b3414785528d1aa220d4b9 |
| name??????? | keystone???????????????????????? |
| type??????? | identity???????????????????????? |
+-------------+----------------------------------+
?
分別創(chuàng)建三種類型的endpoint,分別為public:對外可見,internal內(nèi)部使用,admin管理使用
[root@linux-node1 ~]# openstackendpoint create --region RegionOne identity publichttp://192.168.1.30:5000/v2.0
+--------------+----------------------------------+
| Field??????? | Value??????????????????????????? |
+--------------+----------------------------------+
| enabled????? | True???????????????????????????? |
| id?????????? | dacd7ffd8769460289cba8a5b14ecfc4 |
| interface??? | public???????? ??????????????????|
| region?????? | RegionOne??????????????????????? |
| region_id??? | RegionOne??????????????????????? |
| service_id?? | c7688c61f8b3414785528d1aa220d4b9 |
| service_name |keystone???????????????????????? |
| service_type |identity?? ??????????????????????|
| url????????? | http://192.168.1.30:5000/v2.0??? |
+--------------+----------------------------------+
[root@linux-node1 ~]#? openstack endpoint create --region RegionOneidentity internal http://192.168.1.30:5000/v2.0
+--------------+----------------------------------+
| Field??????? | Value??????????????????????????? |
+--------------+----------------------------------+
| enabled????? | True???????????????????????????? |
| id?????????? | 084e20b52a4f4b8b9c31fe411819b25e |
| interface??? | internal???????????????????????? |
| region?????? | RegionOne??????????????????????? |
| region_id??? | RegionOne??????????????????????? |
| service_id?? | c7688c61f8b3414785528d1aa220d4b9 |
| service_name |keystone???????????????????????? |
| service_type |identity???????????????????????? |
| url????????? | http://192.168.1.30:5000/v2.0??? |
+--------------+----------------------------------+
[root@linux-node1 ~]# openstackendpoint create --region RegionOne identity admin http://192.168.1.30:35357/v2.0
+--------------+----------------------------------+
| Field??????? | Value??????????????????????????? |
+--------------+----------------------------------+
| enabled????? | True???????????????????????????? |
| id?????????? | f6e6bf61e92e407c85d4a1d336b095eb |
| interface??? | admin??????????????????????????? |
| region?????? | RegionOne??????????????????????? |
| region_id??? | RegionOne??????????????????????? |
| service_id?? | c7688c61f8b3414785528d1aa220d4b9 |
| service_name |keystone???????????????????????? |
| service_type |identity???????????????????????? |
| url????????? | http://192.168.1.30:35357/v2.0?? |
+--------------+----------------------------------+
?
查看創(chuàng)建的endpoint
[root@linux-node1 ~]#openstack endpoint list
+----------------------------------+-----------+--------------+--------------+---------+-----------+--------------------------------+
| ID?????????????????????????????? | Region??? | Service Name | Service Type | Enabled |Interface | URL?????????????????? ?????????|
+----------------------------------+-----------+--------------+--------------+---------+-----------+--------------------------------+
|084e20b52a4f4b8b9c31fe411819b25e | RegionOne | keystone???? | identity???? | True???| internal? | http://192.168.1.30:5000/v2.0? |
|dacd7ffd8769460289cba8a5b14ecfc4 | RegionOne | keystone???? | identity???? | True???| public??? | http://192.168.1.30:5000/v2.0? |
|f6e6bf61e92e407c85d4a1d336b095eb | RegionOne | keystone???? | identity???? | True???| admin???? |http://192.168.1.30:35357/v2.0 |
+----------------------------------+-----------+--------------+--------------+---------+-----------+--------------------------------+
?
鏈接到keystone,請求token,在這里由于已經(jīng)添加了用戶名和密碼,就不在使用token,所有就一定要取消環(huán)境變量了
[root@localhost keystone]# unset OS_TOKEN
[root@localhost keystone]#unset OS_URL
?
?
[root@linux-node1 ~]#openstack --os-auth-url http://192.168.1.30:5000/v3 --os-project-domain-iddefault --os-user-domain-id default --os-project-name demo --os-username demouser list
?
?
出的錯(cuò)誤無法解決。。。。。。。。。。。。。。。。。。。。。。。。
?
?
轉(zhuǎn)載于:https://blog.51cto.com/2290153/1980706
總結(jié)
以上是生活随笔為你收集整理的私有云搭建 OpenStack(centos7.3, centos-release-openstack-ocata)的全部內(nèi)容,希望文章能夠幫你解決所遇到的問題。
- 上一篇: DOS分区概述
- 下一篇: 操作系统与多核处理器